Date: Sat, 12 Nov 2005 23:35:02 +0530
From: crazy frog crazy frog <i.m.crazy.frog@...il.com>
To: bugtraq@...urityfocus.com
Subject: Midicart sql injection


Midicart sql injection
==================

Product description (from site):-
==================
MidiCart is a Try-Before-You-Buy Shopping Cart Software that provides
all you need to create, operate, and maintain a professional Internet
shop. MidiCart ASP and PHP Shopping Cart is an extremely easy to use,
flexible, powerful and affordable e-commerce solution for your web
site.

Details:-
=======
The query string handled by the search_list.asp file is vulnerable to
SQL injection: the search term is placed into the SQL statement without
sanitization, so an attacker can run arbitrary queries.

How to determine:-
=================
Enter the following string into the search box:-
1' union select * from products'
If this lists all the products, the installation is vulnerable.

Workaround:-
===========
Sanitize the supplied input; it is stored in a variable named "searchstring".
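As an added illustration (not part of the original advisory, and not MidiCart's own code), the following Python/sqlite3 script stands in for the ASP page: it contrasts a search that concatenates "searchstring" into the SQL text with one that binds it as a parameter, using the test string from the advisory. The products table, its columns and the rows are constructed for the demo; in classic ASP the equivalent fix is an ADODB.Command with bound parameters.

```python
import sqlite3

# Constructed stand-in for the shop's products table (names are assumptions).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "Widget"), (2, "Gadget"), (3, "Gizmo")])
    return conn

def search_vulnerable(conn, searchstring):
    # The bug: the search-box value is pasted into the SQL text, so a quote
    # in the input closes the string literal and the rest is parsed as SQL
    # (a UNION here appends every row of the table to the result).
    sql = ("SELECT id, name FROM products WHERE name LIKE '%"
           + searchstring + "%'")
    return sorted(conn.execute(sql).fetchall())

def search_fixed(conn, searchstring):
    # The fix: bind the value as a parameter. The driver keeps it as data,
    # so quotes and keywords in the input never reach the SQL parser and the
    # string is matched literally against product names.
    sql = "SELECT id, name FROM products WHERE name LIKE ?"
    return sorted(conn.execute(sql, ("%" + searchstring + "%",)).fetchall())

PAYLOAD = "1' union select * from products'"   # the test string from the advisory

if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, PAYLOAD))   # every row: the injection succeeded
    print(search_fixed(db, PAYLOAD))        # []: treated as a literal search term
    print(search_fixed(db, "Gad"))          # [(2, 'Gadget')]: normal search still works
```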

--
ting ding ting ding ting ding
ting ding ting ding ding
i m crazy frog :)
"oh yeah oh yeah...
 another wannabe, in hackerland!!!"

